Configuring the credential cache for the command line

IBM® Spectrum Symphony, by default, uses the credential cache at /tmp/krb5cc_uid for Kerberos authentication from the command line. You can overwrite this default value through the KRB5CCNAME and EGOCC_FILE environment variables.

About this task

The credential cache file holds Kerberos credentials (for example, tickets, session keys, and other identifying information) in semi-permanent storage. The Kerberos protocol reads credentials from the cache as they are required and stores new credentials in the cache as they are obtained. By default, any user's ticket-granting-ticket (TGT) used on the client side is read from the default Kerberos credential cache (/tmp/krb5cc_uid).

To overwrite this value, you can define environment variables KRB5CCNAME or EGOCC_FILE. If both are defined, KRB5CCNAME takes precedence over EGOCC_FILE.

Procedure

  • Set the environment variable KRB5CCNAME to the absolute path of the credential cache file.
  • Set the environment variable EGOCC_FILE to the absolute path of the credential cache file.